MCPcopy Index your code
hub / github.com/Zen-Open-Source/AgentArmor

github.com/Zen-Open-Source/AgentArmor @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
93 symbols 183 edges 30 files 9 documented · 10%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

AgentArmor

Security scanner for AI agents. Scans your agent installation, checks it against the official security documentation, and gives you a score out of 100.

Currently supports OpenClaw. Pluggable architecture makes it easy to add more agent types.

Built in Rust — ships as a single self-contained binary. No runtime required.

Installation

From source:

cargo build --release
cp target/release/agent-armor /usr/local/bin/

Via cargo:

cargo install agent-armor

Homebrew (coming soon):

brew install agent-armor

Usage

# Auto-detect installed agent and scan
agent-armor scan

# Specify agent type
agent-armor scan --agent openclaw

# Show all checks (including passing)
agent-armor scan --verbose

# Machine-readable JSON output
agent-armor scan --json

What It Checks

AgentArmor runs 30 security checks across 14 categories, all derived from the OpenClaw Security Documentation:

Category Points Checks
Authentication 12 Auth mode, token vs password, token strength (>= 32 chars)
File Permissions 10 ~/.openclaw dir is 700, config is 600, credential files protected
Network Exposure 12 Loopback binding, port not publicly exposed, Tailscale preferred
DM Security 8 DM policy is pairing/allowlist, per-channel-peer session isolation
Group Security 6 Groups require @mention, no open group policies
Tool Authorization 10 Dangerous tools denied, elevated tools disabled, restrictive profile
Exec Security 10 Shell exec denied, approval required, strict inline eval
Sandboxing 10 Sandbox mode enabled, per-agent/session scope, no dangerous Docker flags
Browser Security 6 SSRF private network blocked, dedicated browser profile
Dangerous Flags 6 No insecure config flags enabled
Logging & Privacy 4 Sensitive data redaction, transcript permissions
mDNS/Discovery 2 mDNS set to minimal or off
Control UI 2 Origin allowlist configured, device auth enabled
Plugins 2 Explicit plugin allowlist configured
Secrets Management 12 secrets.json permissions, auth profile permissions, no hardcoded passwords, no plaintext API keys, secrets not in agent workspace

Scoring

Each check has a severity level (critical, high, medium, low) and a point value. Your score is normalized to 100 regardless of how many checks are active.

  • 80–100: Well hardened
  • 60–79: Needs attention
  • Below 60: Significant risks

Example Output

  AgentArmor Security Scan — OpenClaw
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  Score: 72/100 (81/112 pts)

  Authentication                     8/12
    ✓ Gateway auth enabled                 4/4
    ✓ Token auth mode (recommended)        4/4
    ✗ Auth token strength                  0/4
      Token length: 13 chars (minimum 32 recommended)
      Fix: Generate a strong token: openclaw doctor --generate-gateway-token

  Secrets Management                 9/12
    ✓ secrets.json permissions             2/2
    ✓ Auth profile file permissions        2/2
    ✓ Password not hardcoded in config     3/3
    ✓ No plaintext secrets in config       3/3
    ⚠ Secrets not in agent workspace       0/2
      ...

Exit Codes

Code Meaning
0 Scan passed (no critical failures)
1 Critical security issues found
2 Scanner error (agent not found, config parse failure, etc.)

Adding a New Agent

Create a new module under src/agents/<name>/ and implement the AgentPlugin trait:

pub trait AgentPlugin {
    fn name(&self) -> &'static str;
    fn display_name(&self) -> &'static str;
    fn detect(&self) -> bool;
    fn scan(&self) -> anyhow::Result<Vec<CheckResult>>;
}

Then register it in src/agents/mod.rs. See src/agents/openclaw/ for a complete example.

Building

Requires Rust 1.70+.

cargo build            # Debug build
cargo build --release  # Optimized release build (stripped, LTO enabled)

License

MIT

Extension points exported contracts — how you extend this code

AgentPlugin (Interface)
(no doc) [1 implementers]
src/types.rs

Core symbols most depended-on inside this repo

get_str
called by 28
src/utils/config.rs
get
called by 15
src/utils/config.rs
get_bool
called by 12
src/utils/config.rs
set_config_value
called by 10
src/fixer.rs
needs_perm_fix
called by 6
src/fixer.rs
check_permissions
called by 6
src/utils/fs.rs
run_scan
called by 3
src/scanner.rs
read_config
called by 3
src/utils/config.rs

Shape

Function 69
Class 12
Method 6
Enum 5
Interface 1

Languages

Rust100%

Modules by API surface

src/agents/openclaw/checks/cve.rs21 symbols
src/fixer.rs20 symbols
src/types.rs6 symbols
src/agents/openclaw/mod.rs6 symbols
src/utils/report.rs5 symbols
src/utils/config.rs5 symbols
src/utils/fs.rs4 symbols
src/main.rs3 symbols
src/agents/openclaw/checks/secrets.rs3 symbols
src/scanner.rs2 symbols
src/agents/openclaw/checks/tool_authorization.rs1 symbols
src/agents/openclaw/checks/sub_agents.rs1 symbols

For agents

$ claude mcp add AgentArmor \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact